
The software supply chain is no longer just “dev stuff” or “security stuff”: it’s everyone’s problem now. Developers, SREs, security engineers, platform teams, and even leadership all feel the impact when something breaks.

The Rootconf Supply Chain Security track this year is special because it’s not a random collection of talks. It’s a complete ecosystem tour, stitched together like your own pipelines and dependencies.

Here’s how it flows:

🔍 Start with the big map (State of Supply Chain Security - Nemo) Get oriented. What’s happening globally? What attacks are succeeding? What does “good” even look like? Think of this as your supply chain threat landscape and maturity model primer.

🛡️ Move to the invisible layer (eBPF detection - Rohit Kumar) Threats don’t stay in code; they hide in behavior. Static scans won’t save you. Learn how runtime observability with eBPF can give you eyes where traditional tools can’t.

📦 Rebuild from the ground up (Debian-inspired container distro - Abhishek Anand) If your base OS is a bloated liability, your containers are already compromised. Learn what a container-native distro could look like. Minimal. Secure. Intentional.

⚖️ Understand the legal landmines (License Compliance - Biju K Nair) Open source = freedom + responsibility. Global standards (ISO/IEC 5230, OpenChain) are tightening the screws. Avoid that 3AM “why did we ship GPL code into production?” panic.

🧾 Make the buzzword real (Actionable SBOMs - Vivek Kumar Sahu) Everyone talks SBOM. Few know what to do with it. Learn how to score, enrich, and operationalize SBOMs into real workflows with tools like Dependency-Track.

This track was designed so that each session answers the question the previous one raised. From awareness ➡️ detection ➡️ hardening ➡️ compliance ➡️ operational maturity.

If you’re serious about getting your arms around software supply chain security, Rootconf is the one-stop classroom + battlefield + strategy room you need. See you there.

https://hasgeek.com/rootconf/2025/

cc: Zainab Bawa Hasgeek